The Ransomware Attack on Travelex
The ransomware attack on Travelex occurred on New Year’s Eve 2020. On this day, the foreign exchange company was struck by the Sodinokibi (aka REvil) malware, which forced its website offline. The attack also impacted its stores and banking services. Reports at the time suggested that the attack was made possible by a critical unpatched vulnerability in Travelex’s Pulse Secure VPN servers. This vulnerability, logged as CVE-2019-11510, allows attackers to infiltrate Pulse Secure VPN servers and then remotely execute malicious code. Apparently, Troy Mursch, security researcher at Bad Packets, had tried to warn Travelex of the vulnerability back in September 2019. However, Travelex ignored the researcher and ended up paying the price some 4 months later. It took Travelex two weeks to recover from the attack. The first customer-facing systems did not come back online in the UK until 17 January. Since the Sodinokibi ransomware attack, Travelex has struggled to remain afloat.
The Costs of the Attack
To bring its systems back online, Travelex was forced to pay the REvil gang’s ransom. It is believed that the gang demanded £4.6 million for the decryption key to unlock Travelex’s data. Furthermore, the gang threatened to leak 5Gb of sensitive customer data they claimed to have stolen if Travelex did not pay. The ransom money was not the only hit to Travelex’s finances. The disruption to and loss of business due to systems being down also hit the company hard. Unfortunately, Travelex’s woes did not stop there. Before it was able to recover from losses caused by the attack, the Covid-19 pandemic struck. All travel-related companies faced significant disruptions to business due to Covid-19. However, Travelex found itself in an extremely poor position to deal with the additional operational disruption and financial stress Covid-19 caused, thanks to the earlier ransomware attack. Travelex thus plunged into crisis, which forced the company to put itself up for sale in April. However, the emergency auction of the business stalled. By June, Travelex’s banks – which include Barclays and Goldman Sachs – were owed some £90 million by the company. Consequently, the company was placed in the hands of the administrators, with creditor-led restructuring or insolvency being the likely outcomes for the business.
Travelex Saved from Collapse by Restructure
Late last week, PricewaterhouseCoopers (PwC) confirmed that it had been appointed joint administrators of the Travelex Group. The group operates in over 50 countries, both online and through stores in over 1,000 locations, including major airports. It trades in over 80 currencies and has more than 1,000 ATMs worldwide. Furthermore, it provides outsourcing services to banks, supermarkets and travel agencies, thus extending its reach to more than 60 countries. Despite these assets, the Travelex Group was on the brink of collapse. However, this has been prevented by PwC’s restructuring of the business. Although most of the UK retail business will be closed as part of the restructure, the core of the business will be saved. Thanks to an £84 million rescue package Travelex managed to secure late last week, it will be able to keep operating, albeit under new ownership. Nonetheless, the restructuring means that some 1,300 UK jobs will be lost. However, “The completion of this transaction has safeguarded 1,802 jobs in the UK and a further 3,635 globally, and ensured the continuation of a globally recognised brand,” said Toby Banfield, joint administrator at PwC.